General
Target: a65e7e46dc2d499a2c77e14ed6b223164e82757887b92971d9284e5fef74a6a8
Size: 1.2MB
Sample: 211023-l2p1ladbhl
MD5: b3810e943f86b43035406242f690116a
SHA1: 67bc1e63df596b2f66fd377d5e566dba25c9fa53
SHA256: a65e7e46dc2d499a2c77e14ed6b223164e82757887b92971d9284e5fef74a6a8
SHA512: c406acde6947c6760840bc8bd68447c586a3e75143e2626c69f1c38fa928b528e809714bc0bdd99254ccdd77f201799a8aec788d737df4a2e5e5f72b8236c3e8
Static task
static1
Malware Config
Extracted
danabot
2052
4
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: main
Targets
Target: a65e7e46dc2d499a2c77e14ed6b223164e82757887b92971d9284e5fef74a6a8
Suspicious use of NtCreateProcessExOtherParentProcess
Blocklisted process makes network request
Loads dropped DLL
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext